During the upgrade the service must run the delta.ua program supplied in
the delta.tar file to correctly execute the entire process.
Thus, it's infeasible to depend on POSIX file capabilities as the
delta.ua from upgrade package (delta.tar) will not have it. This leaves
us with either (1) need to apply needed caps in runtime (de facto
requiring super privileges for the process controlling this action), or
(2) simplifying the process and changing the user of update-manager to
root.
This commit implements (2) option as, in practice, this program is
responsible for flashing complete platform images so it effectively has
every permission possible (as it can flash any data of its choosing)
Change-Id: I33477c7a9981fb59effd1846c8733ff8e77c752b
(cherry picked from commit
1947ff870e848333d155f375ff5aaa6bcb0c30db)
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
- <policy user="system_fw">
+ <policy user="root">
<allow own="org.tizen.update.manager"/>
</policy>
<policy context="default">
<allow send_destination="org.tizen.update.manager" send_interface="org.tizen.update.manager" send_member="result" />
<allow send_destination="org.tizen.update.manager" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll" />
</policy>
-</busconfig>
\ No newline at end of file
+</busconfig>
Requires=ac.service
[Service]
-User=system_fw
-Group=system_fw
+User=root
+Group=root
Type=simple
-Capabilities=cap_sys_admin,cap_dac_override=i
-SecureBits=keep-caps
SmackProcessLabel=System
ExecStart=/usr/bin/update-manager
Restart=on-failure
projects / platform / core / system / update-control.git / commitdiff